What Is a DDoS Attack?

Written by Coursera Staff • Updated on

Learn more about distributed denial of service (DDoS) attacks, including the different attack types and tips for preventing them.

[Featured image] A cybersecurity analyst is working with physical servers while holding a laptop.

A distributed denial of service (DDoS) attack is a cyber threat that overwhelms an online resource with traffic, causing the web service to fail to operate normally and possibly even go offline. This threat is capable of doing significant harm to a business, preventing users from gaining access to sites, or significantly slowing down the web server to the point it becomes inaccessible.

Attacks can last for several hours and, in severe cases, prevail for multiple days. Many businesses and organizations rely heavily on their online platforms so a DDoS attack can come with significant consequences. 

Placeholder

professional certificate

Google Cybersecurity

Get on the fast track to a career in cybersecurity. In this certificate program, you'll learn in-demand skills, and get AI training from Google experts. Learn at your own pace, no degree or experience required.

4.8

(39,240 ratings)

842,561 already enrolled

Beginner level

Average time: 6 month(s)

Learn at your own pace

Skills you'll build:

Python Programming, Security Information and Event Management (SIEM) tools, SQL, Linux, Intrusion Detection Systems (IDS), Packet Analyzer, Security Hardening, Network Security, Transmission Control Protocol / Internet Protocol (TCP/IP), Network Architecture, Cloud Networks, escalation, resume and portfolio preparation, stakeholder communication, Job preparedness, integrity and discretion, Cybersecurity, Information Security (INFOSEC), Ethics in cybersecurity, NIST Cybersecurity Framework (CSF), Historical Attacks, Computer Programming, Coding, PEP 8 style guide, NIST Risk Management Framework (RMF), Security Audits, Incident Response Playbooks, Authentication, vulnerability assessment, Cryptography, asset classification, threat analysis, Command line interface (CLI), Bash

Attackers may strategically time DDoS attacks during critical time periods. For example, an online retailer could suffer an attack on a high-volume shopping day such as Black Friday, where its website becomes inaccessible, causing it to lose a considerable amount of business. In some cases, its attackers may infiltrate databases during DDoS attacks and gain access to sensitive information due to security vulnerabilities being exploited. 

What is an example of a DDoS attack?

An example of a DDoS attack is an HTTP flood, during which the attackers aim to overwhelm the HTTP server by repeatedly requesting the page, eventually downing the service. Cybercriminals carrying out this activity use malicious software to infect many computers to send requests to the websites, making it seem like legitimate internet traffic.  

Placeholder

How to prevent DDoS attacks

Preventing and identifying DDoS attacks can come with challenges since it may be difficult to differentiate genuine traffic from attack traffic. One strategy for preventing DDoS attacks is rate limiting. Rate limiting puts a limit on the number of requests a server will accept over a given period of time. Web application firewalls (WAF) are especially useful in preventing application layer attacks by protecting the server from illegitimate traffic. 

Types of DDoS attacks

Here are the three main types of DDoS attacks:

  • Application layer attacks: Application layer attacks aim for the software that provides the web service. It typically exhausts the target’s resources making this type of DDoS attack challenging to defend against.

  • Protocol attacks: Protocol attacks, also known as state-exhaustion attacks, target firewalls or the device's operating system. This consumes the resources of these network-based devices and servers, causing the inaccessibility of web services.

  • Volumetric attacks: Volumetric attacks use extreme amounts of traffic to congest the target. This overwhelming flood of traffic consumes all of the available bandwidth, and services become unavailable as a result. 

Learn how to counter a DDOS and build cybersecurity skills on Coursera

If you’re ready to get started in a cybersecurity career, consider enrolling in the Google Cybersecurity Professional Certificate on Coursera. Learn how to use job essential tools like Splunk, Chronicle, playbook, and more. This program is designed ​​to help individuals with no previous experience find their first job in the cybersecurity field, all at their own pace. 

Placeholder

professional certificate

Google Cybersecurity

Get on the fast track to a career in cybersecurity. In this certificate program, you'll learn in-demand skills, and get AI training from Google experts. Learn at your own pace, no degree or experience required.

4.8

(39,240 ratings)

842,561 already enrolled

Beginner level

Average time: 6 month(s)

Learn at your own pace

Skills you'll build:

Python Programming, Security Information and Event Management (SIEM) tools, SQL, Linux, Intrusion Detection Systems (IDS), Packet Analyzer, Security Hardening, Network Security, Transmission Control Protocol / Internet Protocol (TCP/IP), Network Architecture, Cloud Networks, escalation, resume and portfolio preparation, stakeholder communication, Job preparedness, integrity and discretion, Cybersecurity, Information Security (INFOSEC), Ethics in cybersecurity, NIST Cybersecurity Framework (CSF), Historical Attacks, Computer Programming, Coding, PEP 8 style guide, NIST Risk Management Framework (RMF), Security Audits, Incident Response Playbooks, Authentication, vulnerability assessment, Cryptography, asset classification, threat analysis, Command line interface (CLI), Bash

Updated on
Written by:
Coursera Staff

Editorial Team

Coursera’s editorial team is comprised of highly experienced professional editors, writers, and fact...

This content has been made available for informational purposes only. Learners are advised to conduct additional research to ensure that courses and other credentials pursued meet their personal, professional, and financial goals.